In computer systems, and particularly in networked computer systems, computers commonly acquire programs to execute from other computers. Before executing an acquired program, the acquiring computer typically performs processing on the program. For example, the computer may compile the program into machine language native to that computer. As another example, the computer may verify that the program satisfies certain security constraints. This verification is particularly important because, generally, the computer distrusts the acquired program; the security checks ensure that the program does not tamper with files and other resources of the computer.
FIG. 1 illustrates a typical prior art network 100 in which a first computer 110 uses a program processing tool 112 to verify and compile a program downloaded from a second computer 120. The program downloaded from the second computer 120 is in an intermediate form 130 that represents the program. The second computer 120 used an intermediate code generator 150 to generate the intermediate form 130 from source code 140 of the program. At the first computer 110, the processing tool 112 analyzes the code 130 to determine whether the code 130 is safe to compile and execute. The tool 112 also performs code optimization techniques to produce executable machine code 160 native to the first computer 110.
Security checks and compiler analyses consume system time and, as a result, can reduce performance. These analyses can also be ineffective because of insufficient information to perform a proper security check or insufficient time to thoroughly process available information.
Security checks, for example, may err on the side of caution and reject secure code because the information necessary to prove that the code is secure is lacking. Moreover, a security check itself may be a source of vulnerability because it is incorrectly designed or improperly implemented. Unwittingly, this security check may leave open doors for attack. Also, some compilers, such as just-in-time compilers, may not have sufficient time to perform thorough analysis for optimization. Without enough time for optimization, the machine code may perform poorly.
As a result, a need remains for a method and an apparatus that facilitate security checks and code analyses. Such a method and apparatus can lead to improved accuracy of the security checks and to machine code that performs better than what can currently be generated.